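Happily Deploying Kubernetes-1.13.2 on a Single Node
Environment
- OS: Ubuntu-18.04.1 (Alibaba Cloud Tokyo node)
- Kubernetes version: 1.13.2
- Docker version: 18.06-ce
(The Docker version must not be higher than 18.06; otherwise initialization reports a "WARNING".)
Preparation
- Disable swap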
sudo swapoff -a
sudo sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
- Kernel parameter configuration
$ cat <<EOF | sudo tee /etc/sysctl.d/docker.conf
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
$ sudo sysctl --system
Install Docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
When installing Docker, apt installs the latest version by default, but the highest Docker version Kubernetes supports is 18.06
$ sudo apt-cache madison docker-ce
docker-ce | 5:18.09.1~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 5:18.09.0~3-0~ubuntu-bionic | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.1~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.06.0~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
docker-ce | 18.03.1~ce~3-0~ubuntu | https://download.docker.com/linux/ubuntu bionic/stable amd64 Packages
$ sudo apt update && sudo apt install docker-ce=18.06.1~ce~3-0~ubuntu
Further reference:
https://docs.docker.com/install/linux/docker-ce/ubuntu/
Within mainland China, using the Alibaba Cloud mirror is recommended
Install Kubernetes
$ sudo apt-get update && sudo apt-get install -y apt-transport-https && curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
$ echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list && sudo apt-get update
$ sudo apt install -y kubeadm kubelet kubernetes-cni
- Initialize
$ sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=$(hostname -i) --service-dns-domain=k8s.local --kubernetes-version=v1.13.2
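gcr.io cannot be reached directly from within mainland China. An alternative is to use images built on Alibaba Cloud at initialization time, for example by adding: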
--image-repository=registry.cn-shenzhen.aliyuncs.com/shuhui \
- Join the cluster (this is a single node, so this command does not need to be run)
kubeadm join $(hostname -i):6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
- Import the configuration file into the current user's directory
- Regular user
mkdir $HOME/.k8s
sudo cp /etc/kubernetes/admin.conf $HOME/.k8s/
sudo chown $(id -u):$(id -g) $HOME/.k8s/admin.conf
export KUBECONFIG=$HOME/.k8s/admin.conf
echo "export KUBECONFIG=$HOME/.k8s/admin.conf" | tee -a ~/.bashrc
- root user (not recommended)
export KUBECONFIG=/etc/kubernetes/admin.conf
- Deploy the network
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
$ kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/k8s-manifests/kube-flannel-rbac.yml
- Remove the taint from the master node; this command allows pods to be scheduled on the Kubernetes master.
$ kubectl taint nodes --all node-role.kubernetes.io/master-
- View the running services
$ kubectl get all -n kube-system
NAME READY STATUS RESTARTS AGE
pod/coredns-86c58d9df4-9b6xq 1/1 Running 0 8m59s
pod/coredns-86c58d9df4-lttq4 1/1 Running 0 8m59s
pod/etcd-k8s-lib.vqiu.cn 1/1 Running 0 8m2s
pod/kube-apiserver-k8s-lib.vqiu.cn 1/1 Running 0 8m18s
pod/kube-controller-manager-k8s-lib.vqiu.cn 1/1 Running 0 8m
pod/kube-flannel-ds-amd64-spqjc 1/1 Running 0 6m
pod/kube-proxy-kssqg 1/1 Running 0 8m58s
pod/kube-scheduler-k8s-lib.vqiu.cn 1/1 Running 0 8m15s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 9m13s
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/kube-flannel-ds-amd64 1 1 1 1 1 beta.kubernetes.io/arch=amd64 6m
daemonset.apps/kube-flannel-ds-arm 0 0 0 0 0 beta.kubernetes.io/arch=arm 6m
daemonset.apps/kube-flannel-ds-arm64 0 0 0 0 0 beta.kubernetes.io/arch=arm64 6m
daemonset.apps/kube-flannel-ds-ppc64le 0 0 0 0 0 beta.kubernetes.io/arch=ppc64le 6m
daemonset.apps/kube-flannel-ds-s390x 0 0 0 0 0 beta.kubernetes.io/arch=s390x 6m
daemonset.apps/kube-proxy 1 1 1 1 1 <none> 9m13s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/coredns 2/2 2 2 9m13s
NAME DESIRED CURRENT READY AGE
replicaset.apps/coredns-86c58d9df4 2 2 2 8m59s
Deploy a test application
$ kubectl run guids --generator=run-pod/v1 --image=alexellis2/guid-service:latest --port 9000
$ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
guids 1/1 Running 0 68s 10.244.0.5 k8s-lib.vqiu.cn <none> <none>
$ kubectl describe pods guids | grep IP:
IP: 10.244.0.5
$ curl 10.244.0.5:9000/guid
{"guid":"ede2f14a-884a-409a-85bc-064857cccd1c","container":"guids"}
Deploy the dashboard
- Create the dashboard
$ kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
- Create a token for dashboard authorization
Command-line method
$ kubectl create serviceaccount dashboard
$ kubectl create clusterrolebinding dashboard-admin -n default --clusterrole=cluster-admin --serviceaccount=default:dashboard
Manifest method
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system
EOF
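At this point the dashboard can be reached from the local machine (with kubectl proxy running) at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
but that is cumbersome, so we need to map it to the public network.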
$ kubectl -n kube-system edit service kubernetes-dashboard
Change ClusterIP to NodePort
Get the token
kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
or
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-admin | awk '{print $1}')
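Before the token is pasted into the dashboard login, its claims show which service account it represents and whether it ever expires. This is an added example, not part of the original page: the sample token is constructed with a dummy signature and a placeholder secret name, and describe_token and make_sample_token are hypothetical helper names.

```python
import base64
import json
import time


def b64url_decode(part):
    """Decode one JWT segment; JWTs strip the '=' padding that base64 needs."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def describe_token(token, now=None):
    """Read the claims of a service-account JWT without verifying its signature."""
    _header, payload, _signature = token.strip().split(".")
    claims = json.loads(b64url_decode(payload))
    exp = claims.get("exp")
    now = time.time() if now is None else now
    return {
        "subject": claims.get("sub"),
        "namespace": claims.get("kubernetes.io/serviceaccount/namespace"),
        "secret": claims.get("kubernetes.io/serviceaccount/secret.name"),
        "expires": exp,  # None means the token carries no expiry at all
        "expired": exp is not None and exp <= now,
    }


def make_sample_token():
    """Constructed token laid out like a secret-based service-account token."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {
        "iss": "kubernetes/serviceaccount",
        "kubernetes.io/serviceaccount/namespace": "kube-system",
        "kubernetes.io/serviceaccount/secret.name": "dashboard-admin-token-xxxxx",
        "kubernetes.io/serviceaccount/service-account.name": "dashboard-admin",
        "sub": "system:serviceaccount:kube-system:dashboard-admin",
    }
    # The third segment is a dummy; a real token carries an RS256 signature.
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2lnbmF0dXJl"])


if __name__ == "__main__":
    for key, value in describe_token(make_sample_token()).items():
        print(f"{key}: {value}")
```

A token with no exp claim stays valid until its secret or service account is deleted, which matters here because the account is bound to cluster-admin.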
- Access from a browser
Open https://IP:32619/ to access it